Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The course starts this October in Amsterdam and you can sign up here: https://learnk8s.io/amsterdam-advanced-october-2023
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The course starts this October in Amsterdam and you can sign up here: https://learnk8s.io/amsterdam-advanced-october-2023
CRI-compatible container runtimes feature full support for container image signature verification in v1.28.
In this article, you will learn how a single instance can validate the signatures before any image pull can occur.
More: https://kubernetes.io/blog/2023/06/29/container-image-signature-verification
In this article, you will learn how a single instance can validate the signatures before any image pull can occur.
More: https://kubernetes.io/blog/2023/06/29/container-image-signature-verification
When your container gets breached, the attacker can use tools like curl to download more tools for further exploitation and lateral movement within your system.
LProbe is as wget/curl replacement for hardened and secure container images.
More: https://github.com/fivexl/lprobe
LProbe is as wget/curl replacement for hardened and secure container images.
More: https://github.com/fivexl/lprobe
Forwarded from KubeFM
Making autoscaling dead simple in Kubernetes: KEDA
In this episode, Jorge Turrado tells the story of how he became a KEDA maintainer while learning to write Go.
📺 Watch or listen to the full episode here: https://kube.fm/keda-jorge-turrado
In this episode, Jorge Turrado tells the story of how he became a KEDA maintainer while learning to write Go.
📺 Watch or listen to the full episode here: https://kube.fm/keda-jorge-turrado
Forwarded from LearnKube news
The VPC CNI plugin and pods inherit the EKS node IAM role by default.
If the node role has the AmazonEKS_CNI_Plugin attached, pods running on the node can attach and detach ENIs and assign IP addresses.
In this article, you'll learn how to solve this.
More: https://medium.com/@jandersson89/securing-aws-eks-configure-the-vpc-cni-plugin-to-use-irsa-51351f893c18
If the node role has the AmazonEKS_CNI_Plugin attached, pods running on the node can attach and detach ENIs and assign IP addresses.
In this article, you'll learn how to solve this.
More: https://medium.com/@jandersson89/securing-aws-eks-configure-the-vpc-cni-plugin-to-use-irsa-51351f893c18
In this tutorial, you will learn how to use Kyverno to inject fields into Kubernetes resources to remove dangling jobs automatically.
More: https://blog.wtcx.dev/2022/07/09/automatically-clean-up-dangling-jobs-with-policy-engine
More: https://blog.wtcx.dev/2022/07/09/automatically-clean-up-dangling-jobs-with-policy-engine
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshop!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The course starts the 30th of October in Amsterdam and you can sign up here: https://learnk8s.io/amsterdam-advanced-october-2023
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The course starts the 30th of October in Amsterdam and you can sign up here: https://learnk8s.io/amsterdam-advanced-october-2023
Kubewarden policy deprecated-api-versions is a Kubewarden policy that detects usage of Kubernetes resources that have been deprecated or removed.
More: https://github.com/kubewarden/deprecated-api-versions-policy
More: https://github.com/kubewarden/deprecated-api-versions-policy
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
🔍 How to traceroute pod-to-pod traffic
🔦 VPN tunnels: how we used them to migrate to
🗺️ Container Checkpointing
📦 kube-image-keeper
✅ Verifying container image signatures
Read it now: https://learnk8s.io/issues/47
🔍 How to traceroute pod-to-pod traffic
🔦 VPN tunnels: how we used them to migrate to
🗺️ Container Checkpointing
📦 kube-image-keeper
✅ Verifying container image signatures
Read it now: https://learnk8s.io/issues/47
In this detailed write-up, you will uncover how the botnet run by TeamTNT attacks vulnerable Docker and Kubernetes environments, Redis servers, Postgres databases, Hadoop clusters, Tomcat and others.
More: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
More: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Tubi
💰 $197K to $259K a year
👨💻 Remote from the United States
→ https://kube.careers/t/fbfd93b4-e284-47f8-89a9-6e7cfa4c82ad?s=55
DevSecOps Engineer with Robinhood
💰 $169K to $255K a year
🏠 From the office in Menlo Park, CA / New York, NY / Seattle, WA / Washington, DC, USA
→ https://kube.careers/t/bcecc046-9f28-4766-aaad-e8cb41ae9aa3?s=55
DevSecOps Engineer with Pure Storage
💰 $167K to $251K a year
🏠 From the office in Santa Clara, CA, USA
→ https://kube.careers/t/611fe80e-6e6d-4ece-b428-4af7561f7af7?s=55
DevSecOps Engineer with Verkada
💰 $120K to $285K a year
🏠 From the office in San Mateo, CA, USA
→ https://kube.careers/t/48e3f6f7-5043-43b1-8c58-6bc81939bc19?s=55
DevSecOps Engineer with Voltron Data
💰 $170K to $220K a year
🌎 Fully remote
→ https://kube.careers/t/f2509a98-e72c-4444-a44e-7f9502b58e1a?s=55
👉 Browse all 477 Kubernetes jobs on Kube Careers https://kube.careers
DevSecOps Engineer with Tubi
💰 $197K to $259K a year
👨💻 Remote from the United States
→ https://kube.careers/t/fbfd93b4-e284-47f8-89a9-6e7cfa4c82ad?s=55
DevSecOps Engineer with Robinhood
💰 $169K to $255K a year
🏠 From the office in Menlo Park, CA / New York, NY / Seattle, WA / Washington, DC, USA
→ https://kube.careers/t/bcecc046-9f28-4766-aaad-e8cb41ae9aa3?s=55
DevSecOps Engineer with Pure Storage
💰 $167K to $251K a year
🏠 From the office in Santa Clara, CA, USA
→ https://kube.careers/t/611fe80e-6e6d-4ece-b428-4af7561f7af7?s=55
DevSecOps Engineer with Verkada
💰 $120K to $285K a year
🏠 From the office in San Mateo, CA, USA
→ https://kube.careers/t/48e3f6f7-5043-43b1-8c58-6bc81939bc19?s=55
DevSecOps Engineer with Voltron Data
💰 $170K to $220K a year
🌎 Fully remote
→ https://kube.careers/t/f2509a98-e72c-4444-a44e-7f9502b58e1a?s=55
👉 Browse all 477 Kubernetes jobs on Kube Careers https://kube.careers
Forwarded from Kube Architect
In this tutorial, you will learn how to implement chaos testing for your backend services in Kubernetes using k6 to observe how they behave when unexpected incidents happen.
More: https://semaphoreci.com/blog/chaos-testing-k6
More: https://semaphoreci.com/blog/chaos-testing-k6
Forwarded from Kube Architect
Learn how to rebalance workloads in your Kubernetes cluster to optimize resource allocations.
In this webinar, you'll learn:
- What the Decheduler is and how it works
- Policies to reallocate pods in your nodes
📅 12 Oct
⏰ 8am PT | 5pm CET
👉 https://kube.events/t/33c89654-e376-4a7f-8a43-15619a3502da
In this webinar, you'll learn:
- What the Decheduler is and how it works
- Policies to reallocate pods in your nodes
📅 12 Oct
⏰ 8am PT | 5pm CET
👉 https://kube.events/t/33c89654-e376-4a7f-8a43-15619a3502da
This media is not supported in your browser
VIEW IN TELEGRAM
Zarf eliminates the complexity of air gap software delivery for Kubernetes clusters and cloud-native workloads using a declarative packaging strategy to support DevSecOps in offline and semi-connected environments.
More: https://github.com/defenseunicorns/zarf
More: https://github.com/defenseunicorns/zarf
In this 2-part article, you will learn how to set up and use the Pod Security Admission Controller and apply policies to a specific namespace and the entire cluster.
More: https://faun.pub/pod-security-admission-controller-cluster-level-bda83b80d916
More: https://faun.pub/pod-security-admission-controller-cluster-level-bda83b80d916
Forwarded from LearnKube news
Puzzlefs is a container filesystem designed to address the limitations of the existing OCI format.
The project's primary goals are reduced duplication, reproducible image builds, direct mounting support and memory safety guarantees.
More: https://github.com/project-machine/puzzlefs
The project's primary goals are reduced duplication, reproducible image builds, direct mounting support and memory safety guarantees.
More: https://github.com/project-machine/puzzlefs
In this tutorial, you will find a demo of a Kubernetes Dynamic Validating Admission controller.
You will learn how to write a webhook server in Go and plan for its reliability and availability.
More: https://dev.to/gkampitakis/kubernetes-dynamic-admission-control-1f9p
You will learn how to write a webhook server in Go and plan for its reliability and availability.
More: https://dev.to/gkampitakis/kubernetes-dynamic-admission-control-1f9p
Forwarded from KubeFM
Gazal hinted at a 40% reduction in compute capacity when combining Bottlerocket OS and Karpenter (and 30% lower response times).
This and more on the new episode of the KubeFM podcast with Bart Farrell!
👉 https://kube.fm/gazal-eks-bottlerocket-karpenter
This and more on the new episode of the KubeFM podcast with Bart Farrell!
👉 https://kube.fm/gazal-eks-bottlerocket-karpenter
Forwarded from Kube Events
Learn how to rebalance workloads in your Kubernetes cluster to optimize resource allocations.
In this webinar, you'll learn:
- What the Decheduler is and how it works
- Policies to reallocate pods in your nodes
📅 12 Oct
⏰ 8am PT | 5pm CET
👉 https://kube.events/t/33c89654-e376-4a7f-8a43-15619a3502da
In this webinar, you'll learn:
- What the Decheduler is and how it works
- Policies to reallocate pods in your nodes
📅 12 Oct
⏰ 8am PT | 5pm CET
👉 https://kube.events/t/33c89654-e376-4a7f-8a43-15619a3502da
In this tutorial, you will learn how to set up an auto-rotating secret for a database connection using the External Secret Operator and Vault.
Secrets refresh every hour, and your apps stay connected to the database with new valid credentials.
More: https://dev.to/canelasevero/true-secrets-auto-rotation-with-eso-and-vault-1g4o
Secrets refresh every hour, and your apps stay connected to the database with new valid credentials.
More: https://dev.to/canelasevero/true-secrets-auto-rotation-with-eso-and-vault-1g4o
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
🏃🏻♂️ Migrating etcd between clouds
🤔 What happens when… Kubernetes edition!
⚒️ Build your own Docker
💰 Upgrading 100s of clusters
🔙 S3 backups with Crossplane
Read it now: https://learnk8s.io/issues/48
🏃🏻♂️ Migrating etcd between clouds
🤔 What happens when… Kubernetes edition!
⚒️ Build your own Docker
💰 Upgrading 100s of clusters
🔙 S3 backups with Crossplane
Read it now: https://learnk8s.io/issues/48